Title :
Towards Internet voting security: A threat tree for risk assessment
Author :
Pardue, Harold ; Yasinsac, Alec ; Landry, Jeffrey
Author_Institution :
Sch. of Comput. & Inf. Sci., Univ. of South Alabama, Mobile, AL, USA
Abstract :
The Internet is a dangerous place for any critical application and is particularly risky for binding government elections where every vote must count. The complex interplay of people, processes, equipment, software, policies, and legislation in a networked environment that spans national boundaries makes, for example, determining the precise likelihood of a threat nearly impossible. This does not mean, however, that the risk analyst cannot model, understand, and assess the risks to Internet voting systems. To that end, this paper presents a threat tree for risks to Internet voting systems. The Internet voting threat tree was successfully vetted by a panel of elections officials, security experts, academics, election law attorneys, representation from governmental agencies, voting equipment vendors, and voting equipment testing labs. We submit that this threat tree is sufficiently abstract to be useful in a wide range of risk assessment techniques.
Keywords :
Internet; government data processing; risk management; security of data; Internet voting security; Internet voting systems; government elections; risk assessment techniques; threat tree; Cryptography; Internet; Malware; Nominations and elections; Risk management; Software; Unified modeling language; Internet Voting; Risk Assessment; Threat Trees;
Conference_Titel :
Risks and Security of Internet and Systems (CRiSIS), 2010 Fifth International Conference on
Conference_Location :
Montreal, QC
Print_ISBN :
978-1-4244-8641-0
Electronic_ISBN :
978-1-4244-8642-7
DOI :
10.1109/CRISIS.2010.5764925
